1. Ethics
Chulantha Kulasekere
Department of Electronic and Computer Engineering
Sri Lanka Institute of Information Technology
chulantha.k@sliit.lk
October 12, 2013
ECK/2013 (SLIIT)
FCCS
October 12, 2013
2. Ethics and Cyber Security
Why is ethics important from the point of view of cyber security?
It is critical to understand the ethical responsibilities of your work, as you
will be dealing with privacy and secrecy issues.
All security setups and incident investigations have legal and ethical
components.
How you deal with the ethical component of your work is crucial as it
can increase the liability of both your organization and yourself.
Organizations should demand strong ethical behavior from their
employees.
Security setup, as mentioned before, specifies the rules and procedures
which ultimately determine the behavior of employees.
A computer security professional maintains security by developing and
helping with the implementation of security policies.
The security policies are enforceable when the following requirements
are met:
the policy has been communicated to all staff
the policy is easily comprehended by all staff
compliance with the policy is agreed to by the staff
the enforcement is uniform and consistent
3. Ethics and Professional Organizations
There is no universal binding ethics code for computer security
professionals.
Different international professional organizations (ACM, SANS,
ISACA) provide their own guidelines on ethical behavior.
Information Systems Audit and Control Association (ISACA):
https://www.isaca.org
SANS Training Institute: http://www.sans.org/
Association for Computing Machinery (ACM) Special group on Security,
Audit and Control (SIGSAC): http://www.sigsac.org/
The Australian Computer Society has its own recommendations on
ethics.
4. Ethics Rules
http://computerethicsinstitute.org/images/TheTenCommandmentsOfComputerEthics.pdf
The ethics rules specified by the Computer Ethics Institute are as
follows:
Thou shalt not use a computer to harm other people.
Thou shalt not interfere with other people’s computer work.
Thou shalt not snoop around in other people’s computer files.
Thou shalt not use a computer to steal.
Thou shalt not use a computer to bear false witness.
Thou shalt not copy or use proprietary software for which you have not
paid.
Thou shalt not use other people’s computer resources without
authorization or proper compensation.
Thou shalt not appropriate other people’s intellectual output.
Thou shalt think about the social consequences of the program you are
writing or the system you are designing.
Thou shalt always use a computer in ways that ensure consideration and
respect for your fellow humans.
5. Ethics and Ethical Behavior
Ethics and ethical behavior vary depending on the country or culture
that one interacts with.
This is a significant problem, especially when attempting to handle
groups across areas with different ethical expectations and enforcement
mechanisms.
Education and training are key in reducing unethical behavior.
Causes of unethical behavior:
Ignorance
Accident
Intent
6. Preventing Unethical Behavior
Computer security professionals have a responsibility to prevent
unethical or illegal behavior.
Deterrence can be enhanced if there is a concerted effort to highlight
through training the type of behavior that is unacceptable and the
consequences of such behavior. Specifically, one needs to ensure that:
the penalty is appropriate to discourage repeat offending
the likelihood that the offense is detected is high
the enforcement of the penalties is carried out according to the security
policy
7. Ethical Issues in Cyber Security
Security rights
Hackers
Domains
Illegal downloading of material
Private vs public information
Commercial collection of personal information
Misuse of corporate resources
Software piracy